Using mod_security2 with WordPress

ModSecurity is an open source web application firewall which prevent attacks for your websites however if the rules are not configured properly, the legit URLs may be blocked by mod_security rules.

Recently I received few errors “405 Method Not Allowed” and “406 Not Acceptable” while accessing my WordPress admin area. After investigating, I found that Mod_security2 rules were causing this problem. To fix this problem, I created global whitelist configuration file (/usr/local/apache/conf/modsec2/whitelist.conf – this may be different for you depending on your installation) and bypassed some rules for WordPress admin area as follow: